[19438] in Kerberos
Re: Kerberos Backend for LDAP
daemon@ATHENA.MIT.EDU (John Morris)
Wed Jun 18 19:18:56 2003
To: Matthew Smith <matt@forsetti.com>
From: John Morris <kerberos@butchwax.com>
In-Reply-To: <3e9db47c@news0.ucc.uconn.edu>
Date: 18 Jun 2003 18:17:32 -0500
Message-ID: <m3he6nkmb7.fsf@capsulecorp.lan.butchwax.com>
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
cc: kerberos@MIT.EDU
Errors-To: kerberos-bounces@mit.edu
Howdy, Matthew!
Matthew Smith <matt@forsetti.com> writes:
> Disclaimer: I will admit, right off the bat, that I am not very familiar
> with OpenLDAP.
> If there was a back-krb5 for OpenLDAP, would an unmodified slurpd be
> able to replicate the krb info, since slurpd just sees it as LDAP info?
> Does slurpd use the LDAP interface for obtaining data to replicate, or
> does it tie in somewhere behind the scenes?
> -Matt
I'm not an expert either, but here's how I believe that would work:
The back-krb5 interface would query the KDC each time an LDAP query is
made. If you have redundant LDAP servers, back-krb5 would be
configured to point at whichever KDC is appropriate. LDAP replication
of the KDC data isn't necessary, since the data isn't stored in
LDAP-native dbs. Any replication that goes on would be kprop, outside
of the LDAP system.
HTH
John
--
John Morris
+1-512-833-6004